- 21 Nov, 2018 40 commits
-
-
Johan Hovold authored
commit f9a70823 upstream. Use the new of_get_compatible_child() helper to lookup the legacy pwrlevels child node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the probed device's node). While at it, also fix the related child-node reference leak. Fixes: e2af8b6b ("drm/msm: gpu: Use OPP tables if we can") Cc: stable <stable@vger.kernel.org> # 4.12 Cc: Jordan Crouse <jcrouse@codeaurora.org> Cc: Rob Clark <robdclark@gmail.com> Cc: David Airlie <airlied@linux.ie> Signed-off-by:
Johan Hovold <johan@kernel.org> Signed-off-by:
Rob Herring <robh@kernel.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Miklos Szeredi authored
commit 4c316f2f upstream. Otherwise fuse_dev_do_write() could come in and finish off the request, and the set_bit(FR_SENT, ...) could trigger the WARN_ON(test_bit(FR_SENT, ...)) in request_end(). Signed-off-by:
Miklos Szeredi <mszeredi@redhat.com> Reported-by: syzbot+ef054c4d3f64cd7f7cec@syzkaller.appspotmai Fixes: 46c34a34 ("fuse: no fc->lock for pqueue parts") Cc: <stable@vger.kernel.org> # v4.2 Signed-off-by:
-
Miklos Szeredi authored
commit 908a572b upstream. Using waitqueue_active() is racy. Make sure we issue a wake_up() unconditionally after storing into fc->blocked. After that it's okay to optimize with waitqueue_active() since the first wake up provides the necessary barrier for all waiters, not the just the woken one. Signed-off-by:
-
Kirill Tkhai authored
commit d2d2d4fb upstream. After we found req in request_find() and released the lock, everything may happen with the req in parallel: cpu0 cpu1 fuse_dev_do_write() fuse_dev_do_write() req = request_find(fpq, ...) ... spin_unlock(&fpq->lock) ... ... req = request_find(fpq, oh.unique) ... spin_unlock(&fpq->lock) queue_interrupt(&fc->iq, req); ... ... ... ... ... request_end(fc, req); fuse_put_request(fc, req); ... queue_interrupt(&fc->iq, req); Signed-off-by:
Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by:
-
Kirill Tkhai authored
commit bc78abbd upstream. We may pick freed req in this way: [cpu0] [cpu1] fuse_dev_do_read() fuse_dev_do_write() list_move_tail(&req->list, ...); ... spin_unlock(&fpq->lock); ... ... request_end(fc, req); ... fuse_put_request(fc, req); if (test_bit(FR_INTERRUPTED, ...)) queue_interrupt(fiq, req); Fix that by keeping req alive until we finish all manipulations. Reported-by: syzbot+4e975615ca01f2277bdd@syzkaller.appspotmail.com Signed-off-by:
-
Amir Goldstein authored
commit 8f97d1e9 upstream. Some anon_bdev filesystems (e.g. overlayfs, ceph) don't have s_blocksize set. Returning zero from FIGETBSZ ioctl results in a Floating point exception from the e2fsprogs utility filefrag, which divides the size of the file with the value returned by FIGETBSZ. Fix the interface by returning -EINVAL for these filesystems. Fixes: d1d04ef8 ("ovl: stack file ops") Cc: <stable@vger.kernel.org> # v4.19 Signed-off-by:
Amir Goldstein <amir73il@gmail.com> Signed-off-by:
-
Himanshu Madhani authored
commit 39553065 upstream. This patch fixes multiple call for qla_nvme_unregister_remote_port() as part of qlt_schedule_session_for_deletion(), Do not call it again during qla_nvme_delete() Fixes: e473b307 ("scsi: qla2xxx: Add FC-NVMe abort processing") Cc: <stable@vger.kernel.org> Reviewed-by:
Ewan D. Milne <emilne@redhat.com> Signed-off-by:
Himanshu Madhani <himanshu.madhani@cavium.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by:
-
Quinn Tran authored
commit 732ee9a9 upstream. The response data buffer used in switch scan is reused 4 times. (For example, for commands GPN_FT, GNN_FT for FCP and FC-NVME) Before driver reuses this buffer, clear it to prevent duplicate entries in our database. Fixes: a4239945 ("scsi: qla2xxx: Add switch command to simplify fabric discovery" Cc: <stable@vger.kernel.org> Signed-off-by:
Quinn Tran <quinn.tran@cavium.com> Reviewed-by:
-
Quinn Tran authored
commit db186382 upstream. This patch fixes issue when remoteport registers itself as both FCP and FC-NVMe with the switch, driver will pick FC-NVMe personality as default when scanning for targets. Driver was using comaprative operator instead of bitwise operator to check for fc4_type for both FCP and FC-NVME. Fixes: 2b5b9647 ("scsi: qla2xxx: Fix FC-NVMe LUN discovery") Cc: <stable@vger.kernel.org> Signed-off-by:
-
Quinn Tran authored
commit f7d61c99 upstream. Send aborts only when chip is active. Fixes: 623ee824 ("scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset") Cc: <stable@vger.kernel.org> # 4.14 Signed-off-by:
-
Giridhar Malavali authored
commit bcc71cc3 upstream. This patch fixes issue during switch command query where driver was freeing SRB resources multiple times Following stack trace will be seen [ 853.436234] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001 [ 853.436348] IP: [<ffffffff811df514>] kmem_cache_alloc+0x74/0x1e0 [ 853.436476] PGD 0 [ 853.436601] Oops: 0000 [#1] SMP [ 853.454700] [<ffffffff81099f6a>] ? mod_timer+0x14a/0x220 [ 853.455543] [<ffffffff81185465>] mempool_alloc_slab+0x15/0x20 [ 853.456395] [<ffffffff811855a9>] mempool_alloc+0x69/0x170 [ 853.457257] [<ffffffff81098af2>] ? internal_add_timer+0x32/0x70 [ 853.458136] [<ffffffffc0092d2b>] qla2xxx_queuecommand+0x29b/0x3f0 [qla2xxx] [ 853.459024] [<ffffffff8146535a>] scsi_dispatch_cmd+0xaa/0x230 [ 853.459923] [<ffffffff8146e11f>] scsi_request_fn+0x4df/0x680 [ 853.460829] [<ffffffff81029557>] ? __switch_to+0xd7/0x510 [ 853.461747] [<ffffffff812f7113>] __blk_run_queue+0x33/0x40 [ 853.462670] [<ffffffff812f7735>] blk_delay_work+0x25/0x40 [ 853.463603] [<ffffffff810a882a>] process_one_work+0x17a/0x440 [ 853.464546] [<ffffffff810a94f6>] worker_thread+0x126/0x3c0 [ 853.465501] [<ffffffff810a93d0>] ? manage_workers.isra.24+0x2a0/0x2a0 [ 853.466447] [<ffffffff810b099f>] kthread+0xcf/0xe0 [ 853.467379] [<ffffffff810b08d0>] ? insert_kthread_work+0x40/0x40 [ 853.470172] Code: db e2 7e 49 8b 50 08 4d 8b 20 49 8b 40 10 4d 85 e4 0f 84 20 01 00 00 48 85 c0 0f 84 17 01 00 00 49 63 46 20 48 8d 4a 01 4d 8b 06 <49> 8b 1c 04 4c 89 e0 65 49 0f c7 08 0f 94 c0 84 c0 74 ba 49 63 [ 853.472072] RIP [<ffffffff811df514>] kmem_cache_alloc+0x74/0x1e0 [ 853.472971] RSP <ffff88103726fc50> Fixes: 726b8548 ("qla2xxx: Add framework for async fabric discovery") Cc: <stable@vger.kernel.org> Signed-off-by:
Giridhar Malavali <giridhar.malavali@cavium.com> Reviewed-by:
-
Quinn Tran authored
commit 5c640053 upstream. This patch fixes issue where driver clears NPort ID map instead of marking handle in use. Once driver clears NPort ID from the database, it can reuse the same NPort ID resulting in a PLOGI failure. [mkp: fixed Himanshu's SoB] Fixes: a084fd68 ("scsi: qla2xxx: Fix re-login for Nport Handle in use") Cc: <stable@vger.kernel.org> Signed-of-by:
Himanshu Madhani <hmadhani@cavium.com> Signed-off-by:
-
Quinn Tran authored
commit 56d942de upstream. Reject bsg request if chip is down. This prevent erroneous timeout. Fixes: d051a5aa ("[SCSI] qla2xxx: Add an "is reset active" helper.") Cc: stable@vger.kernel.org # 4.10 Signed-off-by:
-
Quinn Tran authored
commit 1e4ac5d6 upstream. If chip unable to fully initialize, use full shutdown sequence to clear out any stale FW state. Fixes: e315cd28 ("[SCSI] qla2xxx: Code changes for qla data structure refactoring") Cc: stable@vger.kernel.org #4.10 Signed-off-by:
-
Quinn Tran authored
commit 8235f4b5 upstream. Task abort can take 2 paths: 1) serial/synchronous abort where the calling thread will put to sleep, wait for completion and free cmd resource. 2) async abort where the cmd free will be free by the completion thread. For path 2, driver is freeing the SRB too early. Fixes: f6145e86 ("scsi: qla2xxx: Fix race between switch cmd completion and timeout") Cc: stable@vger.kernel.org # 4.19 Signed-off-by:
-
Quinn Tran authored
commit 7c388f91 upstream. Remove stale debug trace. Fixes: 1eb42f96 ("qla2xxx: Make trace flags more readable") Cc: stable@vger.kernel.org #4.10 Signed-off-by:
-
Quinn Tran authored
commit b86ac8fd upstream. This patch improves performance for 16G and above adapter by removing additional call to process_response_queue(). [mkp: typo] Cc: <stable@vger.kernel.org> Signed-off-by:
-
Himanshu Madhani authored
commit 4c1458df upstream. Fixes: 6246b8a1 ("[SCSI] qla2xxx: Enhancements to support ISP83xx.") Fixes: 1bb39548 ("qla2xxx: Correct iiDMA-update calling conventions.") Cc: <stable@vger.kernel.org> Signed-off-by:
-
Yoshihiro Shimoda authored
commit 641a41db upstream. This patch fixes an issue that the sci_remove() could not remove dev_attr_rx_fifo_timeout because uart_remove_one_port() set the port->port.type to PORT_UNKNOWN. Reported-by:
Hiromitsu Yamasaki <hiromitsu.yamasaki.ym@renesas.com> Fixes: 5d23188a ("serial: sh-sci: make RX FIFO parameters tunable via sysfs") Cc: <stable@vger.kernel.org> # v4.11+ Signed-off-by:
Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> Reviewed-by:
Ulrich Hecht <uli+renesas@fpond.eu> Signed-off-by:
-
Miklos Szeredi authored
commit d47748e5 upstream. Current behavior is to automatically disable metacopy if redirect_dir is not enabled and proceed with the mount. If "metacopy=on" mount option was given, then this behavior can confuse the user: no mount failure, yet metacopy is disabled. This patch makes metacopy=on imply redirect_dir=on. The converse is also true: turning off full redirect with redirect_dir= {off|follow|nofollow} will disable metacopy. If both metacopy=on and redirect_dir={off|follow|nofollow} is specified, then mount will fail, since there's no way to correctly resolve the conflict. Reported-by:
Daniel Walsh <dwalsh@redhat.com> Fixes: d5791044 ("ovl: Provide a mount option metacopy=on/off...") Cc: <stable@vger.kernel.org> # v4.19 Signed-off-by:
-
Miklos Szeredi authored
commit 5e127580 upstream. Kaixuxia repors that it's possible to crash overlayfs by removing the whiteout on the upper layer before creating a directory over it. This is a reproducer: mkdir lower upper work merge touch lower/file mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merge rm merge/file ls -al merge/file rm upper/file ls -al merge/ mkdir merge/file Before commencing with a vfs_rename(..., RENAME_EXCHANGE) verify that the lookup of "upper" is positive and is a whiteout, and return ESTALE otherwise. Reported by: kaixuxia <xiakaixu1987@gmail.com> Signed-off-by:
-
Amir Goldstein authored
commit 6cd07870 upstream. linking a non-copied-up file into a non-copied-up parent results in a nested call to mutex_lock_interruptible(&oi->lock). Fix this by copying up target parent before ovl_nlink_start(), same as done in ovl_rename(). ~/unionmount-testsuite$ ./run --ov -s ~/unionmount-testsuite$ ln /mnt/a/foo100 /mnt/a/dir100/ WARNING: possible recursive locking detected -------------------------------------------- ln/1545 is trying to acquire lock: 00000000bcce7c4c (&ovl_i_lock_key[depth]){+.+.}, at: ovl_copy_up_start+0x28/0x7d but task is already holding lock: 0000000026d73d5b (&ovl_i_lock_key[depth]){+.+.}, at: ovl_nlink_start+0x3c/0xc1 [SzM: this seems to be a false positive, but doing the copy-up first is harmless and removes the lockdep splat] Reported-by: syzbot+3ef5c0d1a5cb0b21e6be@syzkaller.appspotmail.com Fixes: 5f8415d6 ("ovl: persistent overlay inode nlink for...") Cc: <stable@vger.kernel.org> # v4.13 Signed-off-by:
-
Amir Goldstein authored
commit babf4770 upstream. We hit a BUG on kfree of an ERR_PTR()... Reported-by: syzbot+ff03fe05c717b82502d0@syzkaller.appspotmail.com Fixes: 8b88a2e6 ("ovl: verify upper root dir matches lower root dir") Cc: <stable@vger.kernel.org> # v4.13 Signed-off-by:
-
Young_X authored
commit e4f3aa2e upstream. There is another cast from unsigned long to int which causes a bounds check to fail with specially crafted input. The value is then used as an index in the slot array in cdrom_slot_status(). This issue is similar to CVE-2018-16658 and CVE-2018-10940. Signed-off-by:
Young_X <YangX92@hotmail.com> Signed-off-by:
Jens Axboe <axboe@kernel.dk> Cc: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by:
-
Hugues Fruchet authored
[ Upstream commit 985cdcb0 ] Mode setting depends on last mode set, in particular because of exposure calculation when downscale mode change between subsampling and scaling. At stream on the last mode was wrongly set to current mode, so no change was detected and exposure calculation was not made, fix this. Signed-off-by:
Hugues Fruchet <hugues.fruchet@st.com> Reviewed-by:
Jacopo Mondi <jacopo@jmondi.org> Tested-by:
Sakari Ailus <sakari.ailus@linux.intel.com> Signed-off-by:
Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Signed-off-by:
Sasha Levin <sashal@kernel.org> Signed-off-by:
-
Dan Carpenter authored
[ Upstream commit ff30e9e8 ] We accidentally left out the size of the amdgpu_bo_list struct. It could lead to memory corruption on 32 bit systems. You'd have to pick the absolute maximum and set "num_entries == 59652323" then size would wrap to 16 bytes. Fixes: 920990cb ("drm/amdgpu: allocate the bo_list array after the list") Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by:
Huang Rui <ray.huang@amd.com> Reviewed-by:
Bas Nieuwenhuizen <basni@chromium.org> Signed-off-by:
Alex Deucher <alexander.deucher@amd.com> Signed-off-by:
-
Dominique Martinet authored
[ Upstream commit 62e39417 ] p9stat_free is more of a cleanup function than a 'free' function as it only frees the content of the struct; there are chances of use-after-free if it is improperly used (e.g. p9stat_free called twice as it used to be possible to) Clearing dangling pointers makes the function idempotent and safer to use. Link: http://lkml.kernel.org/r/1535410108-20650-2-git-send-email-asmadeus@codewreck.orgSigned-off-by:
Dominique Martinet <dominique.martinet@cea.fr> Reported-by: syzbot+d4252148d198410b864f@syzkaller.appspotmail.com Signed-off-by:
-
Hugues Fruchet authored
[ Upstream commit fb98e29f ] fixes: 6949d864 ("media: ov5640: do not change mode if format or frame interval is unchanged"). Symptom was fuzzy image because of JPEG default format not being changed according to new format selected, fix this. Init sequence initialises format to YUV422 UYVY but sensor->fmt initial value was set to JPEG, fix this. Signed-off-by:
-
Sébastien Szymanski authored
[ Upstream commit 31edaa6e ] Signals available on both i.MX6UL and i.MX6ULL should have the same name because it is the case of all others common signals, it avoids to make mistakes (use the wrong ones) and it makes writing device tree files less complicated. For example: imx6ul-imx6ull-board.dtsi: ... pinctrl_uart5: uart5grp { fsl,pins = < MX6UL_PAD_UART5_TX_DATA__UART5_DCE_TX 0x1b0b1 MX6UL_PAD_UART5_RX_DATA__UART5_DCE_RX 0x1b0b1 >; }; imx6ul-board.dts: #include <imx6ul.dtsi> #include <imx6ul-imx6ull-board.dtsi> ... imx6ull-board.dts: #include <imx6ull.dtsi> #include <imx6ul-imx6ull-board.dtsi> ... Without this patch, the imx6ull-board.dtb will use MX6UL_PAD_UART5_RX_DATA__UART5_DCE_RX instead of MX6ULL_PAD_UART5_RX_DATA__UART5_DCE_RX and the uart5 will be misconfigured. Signed-off-by:
Sébastien Szymanski <sebastien.szymanski@armadeus.com> Reviewed-by:
Fabio Estevam <fabio.estevam@nxp.com> Acked-by:
Shawn Guo <shawnguo@kernel.org> Signed-off-by:
-
Jan Kara authored
[ Upstream commit a9ad01bc ] There are certain filesystem features which we support for reading but not for writing. We properly refuse to mount such filesystems read-write however for some features (such as read-only partitions), we don't check for these features when remounting the filesystem from read-only to read-write. Thus such filesystems could be remounted read-write leading to strange behavior (most likely crashes). Fix the problem by marking in superblock whether the filesystem has some features that are supported in read-only mode and check this flag during remount. Signed-off-by:
Jan Kara <jack@suse.cz> Signed-off-by:
-
Dominique Martinet authored
[ Upstream commit b4dc44b3 ] the 9p client code overwrites our glock.client_id pointing to a static buffer by an allocated string holding the network provided value which we do not care about; free and reset the value as appropriate. This is almost identical to the leak in v9fs_file_getlock() fixed by Al Viro in commit ce85dd58 ("9p: we are leaking glock.client_id in v9fs_file_getlock()"), which was returned as an error by a coverity false positive -- while we are here attempt to make the code slightly more robust to future change of the net/9p/client code and hopefully more clear to coverity that there is no problem. Link: http://lkml.kernel.org/r/1536339057-21974-5-git-send-email-asmadeus@codewreck.orgSigned-off-by:
-
Colin Ian King authored
[ Upstream commit 1f447e51 ] Currently we have structrues comp (which is empty) and comp_info being used to register and deregister the component. This mismatch in naming occurred from a previous commit that renamed aim_info to comp. Fix this to use consistent component naming in line with most/net, most/sound etc. This fixes the message two issues, one with a null empty name when loading the module: [ 1485.269515] most_core: registered new core component (null) and an Oops when removing the module: [ 1485.277971] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [ 1485.278648] PGD 0 P4D 0 [ 1485.279253] Oops: 0002 [#2] SMP PTI [ 1485.279847] CPU: 1 PID: 32629 Comm: modprobe Tainted: P D WC OE 4.18.0-8-generic #9 [ 1485.280442] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015 [ 1485.281040] RIP: 0010:most_deregister_component+0x3c/0x70 [most_core] .. etc Fixes: 1b10a031 ("staging: most: video: remove aim designators") Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Andrey Grodzovsky authored
[ Upstream commit d8de8260 ] After GPU reset amdgpu_vm_clear_bo triggers VM flush but job->vm_pd_addr is not set causing SDMA TO. v2: Per advise by Christian König avoid flushing VM for jobs where job->vm_pd_addr wasn't explicitly set. v3: Shortcut vm_flush_needed early. Fixes cbd52851 drm/amdgpu: move setting the GART addr into TTM. Signed-off-by:
Andrey Grodzovsky <andrey.grodzovsky@amd.com> Reviewed-by:
Christian König <christian.koenig@amd.com> Signed-off-by:
-
Kieran Bingham authored
[ Upstream commit 2a3181d9 ] The R-Car Gen3 DU utilises the VSP1 hardware for memory access. The limits on the RPF and WPF in this pipeline are 8190x8190. Update the supported maximum sizes accordingly. Signed-off-by:
Kieran Bingham <kieran.bingham+renesas@ideasonboard.com> Reviewed-by:
Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com> Signed-off-by:
-
Alexandru Ardelean authored
[ Upstream commit 4ee03330 ] Fixes commit 17be2a29 ("staging: iio: ad7606: replace range/range_available with corresponding scale"). The AD7606 devices don't have a 2.5V voltage range, they have 5V & 10V voltage range, which is selectable via the `gpio_range` descriptor. The scales also seem to have been miscomputed, because when they were applied to the raw values, the results differ from the expected values. After checking the ADC transfer function in the datasheet, these were re-computed. Signed-off-by:
Alexandru Ardelean <alexandru.ardelean@analog.com> Signed-off-by:
Jonathan Cameron <Jonathan.Cameron@huawei.com> Signed-off-by:
-
Breno Leitao authored
[ Upstream commit 693b31b2 ] Test tm-tmspr might exit before all threads stop executing, because it just waits for the very last thread to join before proceeding/exiting. This patch makes sure that all threads that were created will join before proceeding/exiting. This patch also guarantees that the amount of threads being created is equal to thread_num. Signed-off-by:
Breno Leitao <leitao@debian.org> Signed-off-by:
Michael Ellerman <mpe@ellerman.id.au> Signed-off-by:
-
Marco Felsch authored
[ Upstream commit bd24db04 ] The driver ignored the width alignment which exists due to the UYVY colorspace format. Fix the width alignment and make use of the the provided v4l2 helper function to set the width, height and all alignments in one. Fixes: 963ddc63 ("[media] media: tvp5150: Add cropping support") Signed-off-by:
Marco Felsch <m.felsch@pengutronix.de> Signed-off-by:
-
Phil Elwell authored
[ Upstream commit 83444987 ] The SC16IS752 is a dual-channel device. The two channels are largely independent, but the IRQ signals are wired together as an open-drain, active low signal which will be driven low while either of the channels requires attention, which can be for significant periods of time until operations complete and the interrupt can be acknowledged. In that respect it is should be treated as a true level-sensitive IRQ. The kernel, however, needs to be able to exit interrupt context in order to use I2C or SPI to access the device registers (which may involve sleeping). Therefore the interrupt needs to be masked out or paused in some way. The usual way to manage sleeping from within an interrupt handler is to use a threaded interrupt handler - a regular interrupt routine does the minimum amount of work needed to triage the interrupt before waking the interrupt service thread. If the threaded IRQ is marked as IRQF_ONESHOT the kernel will automatically mask out the interrupt until the thread runs to completion. The sc16is7xx driver used to use a threaded IRQ, but a patch switched to using a kthread_worker in order to set realtime priorities on the handler thread and for other optimisations. The end result is non-threaded IRQ that schedules some work then returns IRQ_HANDLED, making the kernel think that all IRQ processing has completed. The work-around to prevent a constant stream of interrupts is to mark the interrupt as edge-sensitive rather than level-sensitive, but interpreting an active-low source as a falling-edge source requires care to prevent a total cessation of interrupts. Whereas an edge-triggering source will generate a new edge for every interrupt condition a level-triggering source will keep the signal at the interrupting level until it no longer requires attention; in other words, the host won't see another edge until all interrupt conditions are cleared. It is therefore vital that the interrupt handler does not exit with an outstanding interrupt condition, otherwise the kernel will not receive another interrupt unless some other operation causes the interrupt state on the device to be cleared. The existing sc16is7xx driver has a very simple interrupt "thread" (kthread_work job) that processes interrupts on each channel in turn until there are no more. If both channels are active and the first channel starts interrupting while the handler for the second channel is running then it will not be detected and an IRQ stall ensues. This could be handled easily if there was a shared IRQ status register, or a convenient way to determine if the IRQ had been deasserted for any length of time, but both appear to be lacking. Avoid this problem (or at least make it much less likely to happen) by reducing the granularity of per-channel interrupt processing to one condition per iteration, only exiting the overall loop when both channels are no longer interrupting. Signed-off-by:
Phil Elwell <phil@raspberrypi.org> Signed-off-by:
-
John Garry authored
[ Upstream commit a27d9382 ] In commit c58caaab ("serial: 8250: of: Defer probe on missing IRQ"), a check was added for the UART driver being probed prior to the parent IRQ controller. Unfortunately this breaks certain boards which have no interrupt support, like Huawei D03. Indeed, the 8250 DT bindings state that interrupts should be supported - not must. To fix, switch from irq_of_parse_and_map() to of_irq_get(), which does relay whether the IRQ host controller domain is not ready, i.e. defer probe, instead of assuming it. Fixes: c58caaab ("serial: 8250: of: Defer probe on missing IRQ") Signed-off-by:
John Garry <john.garry@huawei.com> Reviewed-by:
Alexander Sverdlin <alexander.sverdlin@nokia.com> Tested-by:
-
Gao Xiang authored
[ Upstream commit 37ec35a6 ] This patch fixes a missing endian conversion in vle_get_logical_extent_head. Reviewed-by:
Chao Yu <yuchao0@huawei.com> Signed-off-by:
Gao Xiang <gaoxiang25@huawei.com> Signed-off-by:
-
